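// https://syzkaller.appspot.com/bug?id=48781c4af80aa18724ffca7a0be2e8055dfd5315
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Kernel-bug reproducer: eight forked workers each open /dev/kvm, create a VM,
// and then issue the same pair of ioctls on it in an endless loop, using
// argument buffers placed in a fixed scratch mapping created by main().
//
// NOTE(review): the original include list lost its header names when the page
// was extracted (five bare "#include" tokens). The headers below are
// reconstructed from the identifiers the file uses (uint32_t/uint64_t,
// memcpy, syscall, __NR_*, fork, sleep); the original order may have differed.

#define _GNU_SOURCE
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

static void execute_one(void);
extern unsigned long long procid;

// Runs the reproducer body forever in the calling process; never returns.
void loop(void)
{
    while (1) {
        execute_one();
    }
}

// Resource table filled in by execute_one(): r[0] = /dev/kvm fd,
// r[1] = VM fd, r[2] = eventfd. All-ones (-1) means "not obtained yet"; a
// failing syscall leaves the previous value in place, so later calls may be
// issued on fd -1 and simply fail with EBADF (intentional for a reproducer).
uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff};
// Worker index (0..7); set by main() before each fork().
unsigned long long procid;

// One iteration of the reproducer.
//
// Every argument buffer lives inside the 16 MiB region that main() maps at
// 0x20000000, so this must not be called before that mapping exists.
// Return values of the two KVM ioctls are deliberately ignored, as generated.
static void execute_one(void)
{
    long res = 0;

    // openat(AT_FDCWD, "/dev/kvm", O_RDWR): 0xffffffffffffff9c is AT_FDCWD
    // (-100) and 3 is O_RDWR. The path is copied with its NUL terminator.
    memcpy((void*)0x20000040, "/dev/kvm", 9);
    res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000040, 3, 0);
    if (res != -1) {
        r[0] = res;
    }

    // 0xae01 is KVM_CREATE_VM (_IO(KVMIO, 0x01)); r[1] becomes the VM fd.
    res = syscall(__NR_ioctl, r[0], 0xae01, 0);
    if (res != -1) {
        r[1] = res;
    }

    // eventfd2(initval = 0, flags = 1); flag value 1 is EFD_SEMAPHORE.
    res = syscall(__NR_eventfd2, 0, 1);
    if (res != -1) {
        r[2] = res;
    }

    // 0x4018aebd decodes as _IOW(KVMIO = 0xae, nr = 0xbd, 24-byte struct).
    // That matches KVM_HYPERV_EVENTFD with struct kvm_hyperv_eventfd
    // { u32 conn_id; s32 fd; u32 flags; u32 padding[3]; } — confirm against
    // uapi/linux/kvm.h of the tested tree. The six u32 stores below fill the
    // 24-byte struct in field order.
    //
    // First call: conn_id = 0, fd = the eventfd, flags = 0 (assign).
    *(uint32_t*)0x20000100 = 0;
    *(uint32_t*)0x20000104 = r[2];  // narrowed from uint64_t, as generated
    *(uint32_t*)0x20000108 = 0;
    *(uint32_t*)0x2000010c = 0;
    *(uint32_t*)0x20000110 = 0;
    *(uint32_t*)0x20000114 = 0;
    syscall(__NR_ioctl, r[1], 0x4018aebd, 0x20000100);

    // Second call: conn_id = 5, fd = -1, flags = 1. If the decode above is
    // right, flags = 1 is KVM_HYPERV_EVENTFD_DEASSIGN, i.e. a deassign of a
    // connection id that was never assigned, raced across eight workers.
    *(uint32_t*)0x20000140 = 5;
    *(uint32_t*)0x20000144 = -1;
    *(uint32_t*)0x20000148 = 1;
    *(uint32_t*)0x2000014c = 0;
    *(uint32_t*)0x20000150 = 0;
    *(uint32_t*)0x20000154 = 0;
    syscall(__NR_ioctl, r[1], 0x4018aebd, 0x20000140);
}

// Entry point: creates the scratch mapping, forks eight workers that run
// loop() forever, then parks the parent in sleep().
int main(void)
{
    // 16 MiB anonymous scratch region at a fixed address:
    // prot 3 = PROT_READ|PROT_WRITE, flags 0x32 = MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS.
    // Children inherit it across fork(). The result is not checked (as generated).
    syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);

    // Eight concurrent workers hammer the same ioctl sequence; fork() failure
    // is not checked, so a failed fork just means one fewer worker.
    for (procid = 0; procid < 8; procid++) {
        if (fork() == 0) {
            for (;;) {
                loop();
            }
        }
    }

    // Parent never reaps the children; the reproducer is expected to be
    // killed externally (or by the kernel crash it is meant to trigger).
    sleep(1000000);
    return 0;
}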